This module seems nicely constructed and documented, but I wouldn't use it for XSS protection. Choosing the 'dynamic' option would lead you to believe that all JavaScript would be covered, but I don't believe it covers in-line JavaScript, like <img src="javascript:foo()">.

Nice module, it works very well, as well as HTML::Scrubber (both are way more accurate than HTML::Strip).
Contrary to HTML::Scrubber, it offers a functional interface instead of an OO interface. HTML::Scrubber also permits a finer grain control over the tags to allow/disallow, while this module groups them by category (though most of the times this is perfectly appropriate, sufficient and even easier to deal with).